Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-1516 | Information Exposure Through Source Code vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
| 2021-05-06 | CVE-2021-1519 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. | 5.5 |
| 2021-05-06 | CVE-2021-1520 | Write-what-where Condition vulnerability in Cisco products A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). | 6.7 |
| 2021-05-06 | CVE-2021-1521 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. | 6.5 |
| 2021-05-06 | CVE-2021-1530 | XXE vulnerability in Cisco Broadworks Messaging Server 22.0 A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. | 7.1 |
| 2021-05-06 | CVE-2021-1532 | Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. | 6.5 |
| 2021-05-06 | CVE-2021-1535 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.3 |
| 2021-04-29 | CVE-2021-1493 | Classic Buffer Overflow vulnerability in Cisco Firepower Threat Defense A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. | 7.1 |
| 2021-04-29 | CVE-2021-1488 | OS Command Injection vulnerability in Cisco products A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). | 6.7 |
| 2021-04-29 | CVE-2021-1448 | OS Command Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. | 7.8 |